• Information Systems Review
• /
• v.16 no.2
• /
• pp.1-23
• /
• 2014

With side effects such as Phishing and Spam using personal information in Social Network Service, there is a growing need for studies related to harmful behaviors such as the reason for privacy violation. As such, this study assumed privacy violation to be ethical decision, making behavior and used the Theory of Planned Behavior and Motivation Theory, which are mostly used in social science to identify the factors affecting privacy violation. The results suggested that the Perceived Enjoyment and Punishment used in motivation studies affected privacy violation behaviors, and that the factors of the Theory of Planned Behavior such as Attitude toward Privacy Violation, Subjective Norms of Privacy Violation, and Perceived Behavioral Control with regard to Privacy Violation significantly influenced the Intention to Privacy Violation. On the other hand, Perceived Curiosity and Subjective Norms of Privacy Violation did not affect the Intention to Privacy Violation. Therefore, this study confirmed that the Theory of Planned Behavior was appropriate to explain the Intention to Privacy Violation, and that the variables of the Motivation Theory generally influenced the Attitude toward Privacy Violation. This study was significant since it extended the scope of theoretical privacy study from users and victims centered to inflictor and applied the Extended Theory of Planned Behavior using the variables of the Motivation Theory in the study of Intention to Privacy Violation. From the practical aspect, it provided the ground for privacy education based on the fact that the Attitude toward Privacy Violation can be curbed when education on the Privacy Concerns, Perceived Enjoyment, and Punishment with regard to privacy is strengthened. It also cited the need for the punishment of privacy violation and the practical ground to amend the terms and conditions of user license and Personal Information Protection Act to provide policy support.

• Informatization Policy
• /
• v.21 no.3
• /
• pp.56-84
• /
• 2014

ICT development has led the government to provide more personalized services which means that the government has to collect more private information to satisfy the information demand from citizen. It is a dilemma because the more tailored information services may arise conflict against the right of private information protection which is one of the side effect by ICT. In this study, we analyzed the case of NEIS which still represents the issue of privacy conflict among each stakeholder's perspectives. To analyze the case, we used the frame analysis which is used as a tool for analyzing the case of public conflict. Through the analyses and discussions, we found the policy implication for the future ICT policies which can mediate the conflict between a data opening and the protection of privacy. Finally, we suggest a new governance approach for the better ICT policy contrary to top-down approach.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.6
• /
• pp.173-186
• /
• 2013

New information technologies make it easy to access and acquire information in various ways. However, It also enable powerful and various threat to system security. To challenge these threats, various extended access control methods are being studied. We suggest a new extended access control method that make it possible to conform to security policies enforcement even with discrepancy between policy based constraints rules and query based constraints rules via their semantic relationship. New our approach derives semantic implications using tree hierarchy structure and coordinates the exceed privileges using semantic gap factor calculating the degree of the discrepancy. In addition, we illustrate prototype system architecture and make performance comparison with existing access control methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1205-1219
• /
• 2019

As the ability to use data becomes competitive power in the data-driven economy, the effort to create economic value by using personal data is emphasized as much as to protect personal data. EU's PSD2(the second Payment Service directive) became the initiative of the Open Banking trends all over the world, as it is the Mydata policy which protects the data subject's right by empowering the subject to control over the personal data with the right to data portability and promotes personal data usages and transfer. Korean government is now fast adopting EU's PSD2 in financial sector, but there is growing concerns in personal data abuse and misuse, and data breach. This study analyzes domestic financial Mydata policy in comparison with EU's PSD2 and focus on Personal information life-cycle risks of financial Mydata policy. Some suggestions on how to promote personal information and privacy in domestic financial Mydata Policy will be given.

• Asia pacific journal of information systems
• /
• v.22 no.4
• /
• pp.7-29
• /
• 2012

Smartphone and its applications (i.e. apps) are increasingly penetrating consumer markets. According to a recent report from Korea Communications Commission, nearly 50% of mobile subscribers in South Korea are smartphone users that accounts for over 25 million people. In particular, the importance of smartphone has risen as a geospatially-aware device that provides various location-based services (LBS) equipped with GPS capability. The popular LBS include map and navigation, traffic and transportation updates, shopping and coupon services, and location-sensitive social network services. Overall, the emerging location-based smartphone apps (LBA) offer significant value by providing greater connectivity, personalization, and information and entertainment in a location-specific context. Conversely, the rapid growth of LBA and their benefits have been accompanied by concerns over the collection and dissemination of individual users' personal information through ongoing tracking of their location, identity, preferences, and social behaviors. The majority of LBA users tend to agree and consent to the LBA provider's terms and privacy policy on use of location data to get the immediate services. This tendency further increases the potential risks of unprotected exposure of personal information and serious invasion and breaches of individual privacy. To address the complex issues surrounding LBA particularly from the user's behavioral perspective, this study applied the privacy calculus model (PCM) to explore the factors that influence the adoption of LBA. According to PCM, consumers are engaged in a dynamic adjustment process in which privacy risks are weighted against benefits of information disclosure. Consistent with the principal notion of PCM, we investigated how individual users make a risk-benefit assessment under which personalized service and locatability act as benefit-side factors and information privacy risks act as a risk-side factor accompanying LBA adoption. In addition, we consider the moderating role of trust on the service providers in the prohibiting effects of privacy risks on user intention to adopt LBA. Further we include perceived ease of use and usefulness as additional constructs to examine whether the technology acceptance model (TAM) can be applied in the context of LBA adoption. The research model with ten (10) hypotheses was tested using data gathered from 98 respondents through a quasi-experimental survey method. During the survey, each participant was asked to navigate the website where the experimental simulation of a LBA allows the participant to purchase time-and-location sensitive discounted tickets for nearby stores. Structural equations modeling using partial least square validated the instrument and the proposed model. The results showed that six (6) out of ten (10) hypotheses were supported. On the subject of the core PCM, H2 (locatability ${\rightarrow}$ intention to use LBA) and H3 (privacy risks ${\rightarrow}$ intention to use LBA) were supported, while H1 (personalization ${\rightarrow}$ intention to use LBA) was not supported. Further, we could not any interaction effects (personalization X privacy risks, H4 & locatability X privacy risks, H5) on the intention to use LBA. In terms of privacy risks and trust, as mentioned above we found the significant negative influence from privacy risks on intention to use (H3), but positive influence from trust, which supported H6 (trust ${\rightarrow}$ intention to use LBA). The moderating effect of trust on the negative relationship between privacy risks and intention to use LBA was tested and confirmed by supporting H7 (privacy risks X trust ${\rightarrow}$ intention to use LBA). The two hypotheses regarding to the TAM, including H8 (perceived ease of use ${\rightarrow}$ perceived usefulness) and H9 (perceived ease of use ${\rightarrow}$ intention to use LBA) were supported; however, H10 (perceived effectiveness ${\rightarrow}$ intention to use LBA) was not supported. Results of this study offer the following key findings and implications. First the application of PCM was found to be a good analysis framework in the context of LBA adoption. Many of the hypotheses in the model were confirmed and the high value of $R^2$ (i.,e., 51%) indicated a good fit of the model. In particular, locatability and privacy risks are found to be the appropriate PCM-based antecedent variables. Second, the existence of moderating effect of trust on service provider suggests that the same marginal change in the level of privacy risks may differentially influence the intention to use LBA. That is, while the privacy risks increasingly become important social issues and will negatively influence the intention to use LBA, it is critical for LBA providers to build consumer trust and confidence to successfully mitigate this negative impact. Lastly, we could not find sufficient evidence that the intention to use LBA is influenced by perceived usefulness, which has been very well supported in most previous TAM research. This may suggest that more future research should examine the validity of applying TAM and further extend or modify it in the context of LBA or other similar smartphone apps.

• ETRI Journal
• /
• v.41 no.4
• /
• pp.465-472
• /
• 2019

The major challenge in wireless body area networks (WBAN) is setting up a protected communication between data consumers and a body area network controller while meeting the security and privacy requirements. This paper proposes efficient and secure data communication in WBANs using a Twofish symmetric algorithm and ciphertext-policy attribute-based encryption with constant size ciphertext; in addition, the proposed scheme incorporates policy updating to update access policies. To the best of the author's knowledge, policy updating in WBAN has not been studied in earlier works. The proposed scheme is evaluated in terms of message size, energy consumption, and computation cost, and the results are compared with those of existing schemes. The result shows that the proposed method can achieve higher efficiency than conventional methods.

• Informatization Policy
• /
• v.26 no.3
• /
• pp.69-89
• /
• 2019

In order to implement smart cities that will become living spaces in the fourth industrial revolution era, detailed privacy information such as residents' living information, buildings and facilities information must be collected and processed in real time. While city functions and convenience for individuals are being facilitated, threats to personal information exposure and leakage are also likely to increase at the same time. Therefore, the design concept for personal information protection should be considered and accordingly reflected from the stages of smart city design, technology development and operation planning of intelligent information (AI) facilities. The results of the analysis show that for activation of smart cities and operation of data-driven cities, the concept of Privacy by Design (PbD) has already been introduced in the institutional, industrial and technological aspects, particularly in the cases of European countries and the US. In order to strengthen the local and global competitiveness of smart cities and the country, Korea also needs to actively deploy PbD as a strategy to secure a data-driven economy, which is the core strategy for smart cities. Therefore, the study suggests policy implications focused on approaches to legislative improvement and technology development support, which reflect the basic properties of PbD as defined in the study.

• Journal of Digital Convergence
• /
• v.10 no.3
• /
• pp.23-37
• /
• 2012

Illegal game players' hacking and propagation of malignant code in online game exposes privacy of online game customers. So, online game companies have to support the standardized systems and operations of customers' privacies. Since online game companies implement authentication of information protection, which focuses on assets or physical, systemic security, they need a more professional system that is related to protection of individual privacy. We analyzed the individual information protection system, which includes ISO27001, ISMS of KISA, GMITS, ePrivacy, online game privacy protection guide, and BS10012. Using the suggested systems, we proposed the systemic tools that measure the level of individual information protection, which includes process and check items of each phase.

• Journal of Digital Convergence
• /
• v.11 no.4
• /
• pp.57-69
• /
• 2013

Progresses in ICT make the processing and exchange of personal data across international borders often necessary and relatively easy. The challenge lies in protecting fundamental rights and freedoms of individuals, notably the right to privacy and the right to personal information, while encouraging the free and secure flow of information across borders for the continued expansion of online transactions. The key to establishing a functioning international solution for personal data protection is to strike a right balance between the two camps which currently dominate the debate - the advocates of individual privacy rights on one side exemplified by the EU, and the proponents of self-regulation and economic efficiency on the other, represented by the U.S. In the face of a growing tension between the two sides each equipped with their own ideals, a practical solution may lie in utilizing established institutions of standardization such as ISO and IEC as a ground upon which an agreement can take its root.

• Journal of Digital Convergence
• /
• v.13 no.4
• /
• pp.219-225
• /
• 2015

There has been an exponential growth in the distribution and possession of sensitive information because of the emergence of various information channels such as smart devices, social media, etc. This enables the internet based web or mobile service operation institutions collecting the more personal information with ease, and in turn causes the issues of the privacy concerns. Followings are the results of this study: First, the information privacy concern has the negative effects upon the trust. Second, the information privacy concern has the negative effects upon the provision intention of personal information and the trust has positive effects upon the offering intention of personal information. At last, the offering intention of the personal information has the positive effects upon the behavior to provide the personal information.